{"vulnerability": "cve-2025-2690", "sightings": [{"uuid": "3ea13e0b-49ad-4785-a2d3-e084edc489ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2690", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll4kmpjcez2h", "content": "", "creation_timestamp": "2025-03-24T10:34:20.351565Z"}, {"uuid": "ec52ad77-5c43-4d40-8313-3512327fc482", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2690", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114218899409325258", "content": "", "creation_timestamp": "2025-03-24T18:48:16.883164Z"}, {"uuid": "46072c26-89fe-472f-b223-74e173966017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3ll4xcxt6o42h", "content": "", "creation_timestamp": "2025-03-24T14:21:29.153337Z"}, {"uuid": "e786f977-481e-42f2-8a62-bbf5d7e6f63e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://mstdn.ca/users/rfwaveio/statuses/114207745267994188", "content": "", "creation_timestamp": "2025-03-22T19:31:39.372577Z"}, {"uuid": "29b8a72c-1f53-4171-9f06-156db2326ba1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/defendopsdiaries.bsky.social/post/3lksy4lhxbi2y", "content": "", "creation_timestamp": "2025-03-20T15:09:11.265613Z"}, {"uuid": "ba9456fe-eb7a-490b-802f-87d1f2f0953e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3ll4bloqu6s2d", "content": "", "creation_timestamp": "2025-03-24T07:52:41.713341Z"}, {"uuid": "20839f91-e11a-4321-84b3-64673bac846a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26900", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lizfyjlzjp2p", "content": "", "creation_timestamp": "2025-02-25T17:43:02.371140Z"}, {"uuid": "22c9549e-71e0-4ddf-82e0-d20d4a6aaf47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/cyberalerts.bsky.social/post/3lleqim3r2b2o", "content": "", "creation_timestamp": "2025-03-27T16:40:39.406376Z"}, {"uuid": "f3d96afb-8a3d-4e10-a4f8-b820d20f2bf2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/hackingne.ws/post/3lktc5muitq2q", "content": "", "creation_timestamp": "2025-03-20T18:08:42.944081Z"}, {"uuid": "235b9c95-31c9-4081-9ca8-538d0ec654ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26900", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114065783852093856", "content": "", "creation_timestamp": "2025-02-25T17:48:55.964378Z"}, {"uuid": "9b9f9191-a435-4f87-ac9b-4cd902ac99dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26900", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj234bprgf2a", "content": "", "creation_timestamp": "2025-02-26T00:01:00.034580Z"}, {"uuid": "e94de0f3-74ce-4535-a635-fa40b57b38d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26900", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lj3dci7lgx2f", "content": "", "creation_timestamp": "2025-02-26T12:00:15.257243Z"}, {"uuid": "87a362cf-3320-4dec-bd06-5ffc83e61a4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:47:59.000000Z"}, {"uuid": "827960c1-e2e3-44b0-aca0-8bbfc0bb5d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26902", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5uwdtkp2v", "content": "", "creation_timestamp": "2025-04-09T23:38:03.547782Z"}, {"uuid": "9ac2dccb-fd30-4159-b0bd-8b527189e3ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26908", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12043", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26908\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gurmehub Kargo Entegrat\u00f6r allows SQL Injection. This issue affects Kargo Entegrat\u00f6r: from n/a through 1.1.14.\n\ud83d\udccf Published: 2025-04-15T21:53:11.785Z\n\ud83d\udccf Modified: 2025-04-16T13:44:08.081Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/kargo-entegrator/vulnerability/wordpress-kargo-entegratoer-plugin-1-1-14-sql-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T13:55:59.000000Z"}, {"uuid": "e6feaaba-d6cc-4692-9894-71d053065d88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:45.000000Z"}, {"uuid": "0e6e37cf-e4d6-4e43-a34b-8145a01f7d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26905", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26905\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Estatik Estatik allows PHP Local File Inclusion. This issue affects Estatik: from n/a through 4.1.9.\n\ud83d\udccf Published: 2025-02-25T14:17:53.320Z\n\ud83d\udccf Modified: 2025-02-25T19:07:41.362Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/estatik/vulnerability/wordpress-estatik-plugin-4-1-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:42.000000Z"}, {"uuid": "4a85fc0a-462d-4859-a7d3-8515d3bb3c62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/26191", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-26909\nURL\uff1ahttps://github.com/ZeroDayx/poc\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-28T13:36:16.000000Z"}, {"uuid": "e5e150db-950f-4c85-970c-2b2e29661378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "Telegram/qaiUzY0jU3lsWkLczH5jpfSLcodDVE0N-CXW3vtlinmUY8k", "content": "", "creation_timestamp": "2026-04-01T21:29:15.000000Z"}, {"uuid": "0d26466c-3104-4e1b-abd6-4209f9964252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26904", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5353", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26904\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gal_op WP Responsive Auto Fit Text allows DOM-Based XSS. This issue affects WP Responsive Auto Fit Text: from n/a through 0.2.\n\ud83d\udccf Published: 2025-02-25T14:17:53.158Z\n\ud83d\udccf Modified: 2025-02-25T19:08:26.649Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-responsive-slab-text/vulnerability/wordpress-wp-responsive-auto-fit-text-plugin-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:42.000000Z"}, {"uuid": "259dabfc-cc1b-490d-a509-81a99c7d1e3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26907", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5356", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26907\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatik Mortgage Calculator Estatik allows Stored XSS. This issue affects Mortgage Calculator Estatik: from n/a through 2.0.12.\n\ud83d\udccf Published: 2025-02-25T14:17:53.513Z\n\ud83d\udccf Modified: 2025-02-25T19:04:08.800Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/estatik-mortgage-calculator/vulnerability/wordpress-estatik-mortgage-calculator-plugin-2-0-12-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:47.000000Z"}, {"uuid": "c6afcf4f-1b7e-44d3-871c-5da0daf80597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26906", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12042", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26906\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ren Ventura WP Delete User Accounts allows DOM-Based XSS. This issue affects WP Delete User Accounts: from n/a through 1.2.3.\n\ud83d\udccf Published: 2025-04-15T21:53:11.597Z\n\ud83d\udccf Modified: 2025-04-16T13:47:17.278Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/wp-delete-user-accounts/vulnerability/wordpress-wp-delete-user-accounts-plugin-1-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-16T13:55:57.000000Z"}, {"uuid": "40d4dcc7-a1fb-45dd-971f-77caab8470f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9126", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26909\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost allows PHP Local File Inclusion.This issue affects Hide My WP Ghost: from n/a through 5.4.01.\n\ud83d\udccf Published: 2025-03-27T15:48:49.350Z\n\ud83d\udccf Modified: 2025-03-27T16:17:01.613Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/hide-my-wp/vulnerability/wordpress-hide-my-wp-ghost-plugin-5-4-01-local-file-inclusion-to-rce-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-27T16:26:48.000000Z"}, {"uuid": "822b1847-2b7b-4845-9b14-a6618c0a1996", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26901", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11149", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26901\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: Missing Authorization vulnerability in Brizy Brizy Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy Pro: from n/a through 2.6.1.\n\ud83d\udccf Published: 2025-04-09T19:28:10.429Z\n\ud83d\udccf Modified: 2025-04-09T19:28:10.429Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-broken-access-control-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T19:48:26.000000Z"}, {"uuid": "1ca2cb86-621a-4a58-9f47-c5f2878768ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26902", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11145", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26902\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in Brizy Brizy Pro allows Cross Site Request Forgery.This issue affects Brizy Pro: from n/a through 2.6.1.\n\ud83d\udccf Published: 2025-04-09T19:30:15.905Z\n\ud83d\udccf Modified: 2025-04-09T19:30:15.905Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/brizy-pro/vulnerability/wordpress-brizy-pro-plugin-2-6-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-04-09T19:48:20.000000Z"}, {"uuid": "6eed5e8e-d4e1-46c3-944e-c5799f553b07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/liwaamohammad/3499", "content": "https://github.com/issamjr/CVE-2025-26909-Scanner\n\nAdvanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost\n#github #exploit", "creation_timestamp": "2025-06-24T22:52:04.000000Z"}, {"uuid": "8afda73b-4695-45e2-9cbf-d6fc89444370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26900", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26900\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Deserialization of Untrusted Data vulnerability in flexmls Flexmls\u00ae IDX allows Object Injection. This issue affects Flexmls\u00ae IDX: from n/a through 3.14.27.\n\ud83d\udccf Published: 2025-02-25T14:17:52.993Z\n\ud83d\udccf Modified: 2025-02-25T19:09:24.713Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/flexmls-idx/vulnerability/wordpress-flexmls-idx-plugin-plugin-3-14-27-php-object-injection-vulnerability?_s_id=cve", "creation_timestamp": "2025-02-25T19:23:40.000000Z"}, {"uuid": "472fddda-3de5-41ec-8063-6f8533ef79f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/41471", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aAdvanced scanner and PoC for CVE-2025-26909 in Hide My WP Ghost\nURL\uff1ahttps://github.com/issamjr/CVE-2025-26909-Scanner\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-06-22T16:02:41.000000Z"}, {"uuid": "5a3690d8-161e-450b-988f-05c3b4e32a60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/fattah_iriii/412", "content": "https://github.com/ZeroDayx/CVE-2025-26909\n(PoC) for detecting vulnerabilities in WordPress plugins, specifically targeting the \"Hide My WP\"", "creation_timestamp": "2025-03-29T00:12:59.000000Z"}, {"uuid": "71059da8-ccf5-4c16-a26d-3a3a0fb68a33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/26192", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-26909\nURL\uff1ahttps://github.com/ZeroDayx/CVE-2025-26909\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-03-28T13:41:11.000000Z"}, {"uuid": "0a025fc5-1d0d-4012-b7c2-d1397925d330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "Telegram/pNTteL-Xx8i8chGncpiIBXbULPUr3pQKBk06IlAIn1UZCI0", "content": "", "creation_timestamp": "2025-06-23T11:00:06.000000Z"}, {"uuid": "c8ff598f-199d-4b9a-96c5-b5fecf7fc826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "Telegram/19EMVZIHpcnMlAoFeCqFg_0vg5TINRuzyp1l3_kYKW1wZpE", "content": "", "creation_timestamp": "2025-06-22T21:00:05.000000Z"}, {"uuid": "5c1738f7-7fc1-485d-86f9-289ced6a260a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2690", "type": "seen", "source": "https://t.me/cvedetector/20944", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2690 - Yiisoft Yii2 Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2690 \nPublished : March 24, 2025, 8:15 a.m. | 44\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\\src\\Framework\\MockObject\\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T10:02:21.000000Z"}, {"uuid": "62d9be5e-7412-4e21-a56c-dd83a4d79083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://t.me/ViralCyber/11776", "content": "\ud83d\udd34 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u062f\u0631 \u0627\u0641\u0632\u0648\u0646\u0647 \u06cc WP Ghost\n\n\u0627\u0641\u0632\u0648\u0646\u0647 \u06cc WP Ghost \u06cc\u0627 Hide My WP Ghost\u060c \u06cc\u06a9 \u0627\u0641\u0632\u0648\u0646\u0647 \u0627\u0645\u0646\u06cc\u062a\u06cc \u0628\u0631\u0627\u06cc \u0648\u0631\u062f\u067e\u0631\u0633 \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0628\u0627 \u0627\u0636\u0627\u0641\u0647 \u06a9\u0631\u062f\u0646 \u0644\u0627\u06cc\u0647 \u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc\u060c \u0628\u0627\u0639\u062b \u0627\u0645\u0646 \u0634\u062f\u0646 \u0633\u0627\u06cc\u062a \u0648\u0631\u062f\u067e\u0631\u0633\u06cc \u0634\u0645\u0627 \u0645\u06cc\u0634\u0647.\n\n\u0627\u062e\u06cc\u0631\u0627 \u06cc\u06a9 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc RCE \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 CVE-2025-26909 \u0648 \u0627\u0645\u062a\u06cc\u0627\u0632 9.6 \u0648 \u0634\u062f\u062a \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 \u0627\u0648\u0646 \u06af\u0632\u0627\u0631\u0634 \u0648 \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647. \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0632 \u0646\u0648\u0639 LFI \u0648 \u062f\u0631 \u062a\u0627\u0628\u0639 showFile \u0647\u0633\u062a\u0634 \u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 RCE \u0631\u0648 \u0628\u0647 \u0645\u0647\u0627\u062c\u0645 \u0628\u062f\u0648\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u060c \u0645\u06cc\u062f\u0647.\n\n\u0628\u0631\u0627\u06cc \u0627\u06a9\u0633\u067e\u0644\u0648\u06cc\u062a \u0628\u0627\u06cc\u062f \u0648\u06cc\u0698\u06af\u06cc Change Paths \u0631\u0648\u06cc \u062d\u0627\u0644\u062a Lite \u06cc\u0627 Ghost \u062a\u0646\u0638\u06cc\u0645 \u0634\u062f\u0647 \u0628\u0627\u0634\u0647 \u06a9\u0647 \u0628\u0635\u0648\u0631\u062a \u067e\u06cc\u0634 \u0641\u0631\u0636 \u0646\u06cc\u0633\u062a.\n\n\u0647\u0645\u0647 \u06cc \u0646\u0633\u062e\u0647 \u0647\u0627 \u062a\u0627 5.4.01 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631 \u0647\u0633\u062a\u0646 \u0648 5.4.02 \u0646\u0633\u062e\u0647 \u06cc \u0627\u0635\u0644\u0627\u062d \u0634\u062f\u0647 \u0647\u0633\u062a\u0634./ \u0645\u0646\u0628\u0639\n\n#\u0648\u0631\u062f\u067e\u0631\u0633 #\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc_\u0627\u0645\u0646\u06cc\u062a\u06cc \n#Wordpress #CVE \n\n\ud83c\udd94 @onhex_ir\n\u27a1\ufe0f ALL Link", "creation_timestamp": "2025-03-21T16:12:19.000000Z"}, {"uuid": "170e2d09-d518-48f8-ac07-7b3d93064150", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/789", "content": "https://github.com/ZeroDayx/CVE-2025-26909\n(PoC) for detecting vulnerabilities in WordPress plugins, specifically targeting the \"Hide My WP\"", "creation_timestamp": "2025-03-28T14:47:52.000000Z"}, {"uuid": "27a972fd-b880-49f5-93bc-3a5d98b77811", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/8406", "content": "#exploit\n1. CVE-2024-55963:\nUnauth RCE in Default-Install of Appsmith\nhttps://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith\n\n2. CVE-2025-26909:\nLFI to RCE in WP Ghost Plugin\nhttps://github.com/zerodayx/cve-2025-26909\n\n3. CVE-2025-27840:\nVulnerability in ESP32 Microcontrollers\nhttps://github.com/demining/Bluetooth-Attacks-CVE-2025-27840", "creation_timestamp": "2025-03-31T18:38:27.000000Z"}, {"uuid": "17809c0f-4f43-4920-abe4-ddcb1f677046", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/3335", "content": "#exploit\n1. CVE-2024-55963:\nUnauth RCE in Default-Install of Appsmith\nhttps://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith\n\n2. CVE-2025-26909:\nLFI to RCE in WP Ghost Plugin\nhttps://github.com/zerodayx/cve-2025-26909\n\n3. CVE-2025-27840:\nVulnerability in ESP32 Microcontrollers\nhttps://github.com/demining/Bluetooth-Attacks-CVE-2025-27840", "creation_timestamp": "2025-03-31T18:38:27.000000Z"}, {"uuid": "0ed6112b-51c7-432c-886f-f7ae8838fa76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "Telegram/KggYeN27jZ-a4rfgVHT2MGe0BAzOSuPW6YEwI7pxp7JEmks", "content": "", "creation_timestamp": "2025-03-29T08:00:08.000000Z"}, {"uuid": "e1ff123c-2465-42bf-8d1a-bca56713c0dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "Telegram/AzPQc8BypPug0v3haYvH4n5j-0vLxsu-ng01TlwKe66ObjQ", "content": "", "creation_timestamp": "2025-03-28T22:00:05.000000Z"}, {"uuid": "edcdff11-88a7-4cab-ae18-83330ccc2953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/haj3imad/1427", "content": "https://github.com/ZeroDayx/CVE-2025-26909\n(PoC) for detecting vulnerabilities in WordPress plugins, specifically targeting the \"Hide My WP\"", "creation_timestamp": "2025-03-28T14:47:21.000000Z"}, {"uuid": "70104312-55e7-430e-820a-944113a16502", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11988", "content": "#exploit\n1. CVE-2024-55963:\nUnauth RCE in Default-Install of Appsmith\nhttps://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith\n\n2. CVE-2025-26909:\nLFI to RCE in WP Ghost Plugin\nhttps://github.com/zerodayx/cve-2025-26909\n\n3. CVE-2025-27840:\nVulnerability in ESP32 Microcontrollers\nhttps://github.com/demining/Bluetooth-Attacks-CVE-2025-27840", "creation_timestamp": "2025-03-31T12:29:08.000000Z"}, {"uuid": "3b8ae247-d335-4ad1-85c6-fb3e458ef5fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26909", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmt5lk7w4p2l", "content": "CVE-2025-26909 - Critical LFI in Hide My WP Ghost &lt;=5.4.01. CVSS 9.6. Unpatched. Disable immediately. #CVE #WordPress #infosec\n\nhttps://www.valtersit.com/cve/CVE-2025-26909/", "creation_timestamp": "2026-05-27T09:03:36.812806Z"}]}